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Amendments to the Claims 

This listing of claims will replace all prior versions, and listings, of claims in the appUcation: 
Listing of Claims: 

1. (currently amended) A method for a Dorvicc provider on a 
private network to provide a ocrviGC for an external client on an 
external network to access a service provider on a private 
network via a gateway bridging the private and external networks, 
including the service provider carrying out the otcpo of the 
service provider having a virtual name that is bound by a first 
binding to the address of the gateway on the external network 
and by a second binding to the address of the service provider 
on the private network, the method comprising upon the client 
using the virtual name to access the service provider : 

allocating a virtual name to the service provider; 

making the virtual name available to a client on the 

external network ; 

binding the virtual name to the routing addrcoo of the 

gateway on the external network; — afid 

binding the virtual name to the routing addrcoa of the 

aervicc provider on the private network 
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using the first binding to enable the client to contact the 
gateway and thereby setting up a first session between the client 
and the gateway; and 

using the second binding to enable the gateway to contact 
the service provider and thereby setting up a second session 
between the client and the service provider, the second session 
being nested in the first session between the client and gateway 
such that second-session data is encapsulated in first-session 
data and is forwarded by the gateway between the client and 
service provider . 

2. (currently amended) A method as claimed in claim 1 in which 
the first and second bindings are held on virtual name io bound 
to the routing addrcaa of the gateway and the routing addrcoo of 
the ocrvicc provider by way of an external domain name server and 
a private domain name server, respectively. 

3. (currently amended) A method as claimed in claim 1 in which 
the first binding is held on an external domain name server, and 
the second binding comprises a first part held by an internal 
naming service of the gateway and mapping the virtual name to a 
real name of the service provider, and a second part held by the 
external domain name server and mapping the real name of the 
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service provider to its address on the private network virtual 
name io bound to the routing addrcsa of the acrvicc provider on 
an internal naming ocrvicc . 

4. (original) A method as claimed in any preceding claim in 
which the external network includes the internet. 

5. (cancelled) 

6. (currently amended) A method as claimed in claim 3^ [[5]] in 
which the first and second sessions are both secure sessions with 
their data being mcooagco communicated between the client and the 
oervice provider arc encrypted. 

7. (currently amended) A method as claimed in claim 1 in which 
the client is on a second private internal network distinct from 
the private internal network of the service provider_^ aftd a 
second gateway bridges the second private internal network and 
external network, and the client has a second virtual name that 
is bound by a third binding to the address of the second gateway 
on the external network and by a fourth binding to the address of 
the client on the second private network the method including the 
steps of : 
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allocating a occond virtual name to the client; 

malcing the aecond virtual name available to the oervice 

provider; 

binding the occond virtual name to the routing address of 

the occond gateway on the external network; — and 

binding the occond virtual name to the routing addrcoo of 

the client on the occond internal networlc . 

8. (currently amended) A method as claimed in claim 1 in which 
there io a second service provider on the a second private 
network is able to communicate with an external network via a 
second gateway bridging the second private network and the 
external network, and the second service provider has a second 
virtual name that is bound by a third binding to the address of 
the second gateway on the external network and by a fourth 
binding to the address of the second service provider on the 
second private network 
including the otcpo of : 

allocating a occond virtual name to the occond oervice 

provider; 

making the occond virtual name available to a client; 

binding the occond virtual name to the routing addrcoo of 

the occond gateway on the external network; — 
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binding the accond virtual name to the routing addrcDO of 

the accond acrvioc provider on the occond private nctworlc . 

9. (currently amended) A method as claimed in claim 1, in which 
the external network includes a further private network 
containing the private network of the service provider and there 
is a further gateway bridging the further private network to the 
portion of the external network which is external to the further 
private network, and wherein the method including the additional 
Qtepo of : 

binding the virtual name is bound by a third binding to a 
routing address of the further gateway on the portion of the 
external network which is external to the further private 
network. 

10. (currently amended) A method of providing access to a server 
on a private network from an external client on an external 
network via a gateway bridging the private and external networks, 
the gateway supporting tunnelling of second messages to said 
server by encapsulating them in first messages routed to the 
gateway [ [ ; ] ] _^ the method comprising involving : 

4a-) allocating a virtual name to the server and mapping it by a 

first mapping to the routing address of the gateway on the 
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external network and by a second mapping to the routing address 
of the server on the private network; 

-{h) at said external client, using the virtual name to address 

a said first message and a said second message, the former 
encapsulating the latter; 

4e^ using the first mapping to route the first message, with 

its encapsulated second message, to the gateway; and 

-fd^ using the second mapping to route the second message 

extracted at the gateway from the first message, to the server. 



11, (original) A method as claimed in claim 10 in which said 

first messages are encrypted. 



